Reflected XSS Vulnerability in Raytha CMS
CVE-2025-69242

5.1MEDIUM

Key Information:

Vendor: Raytha
Status: Raytha
Vendor: CVE Published:; 16 March 2026

What is CVE-2025-69242?

Raytha CMS is exposed to a reflected cross-site scripting vulnerability through the backToListUrl parameter. This allows attackers to create malicious URLs that, when accessed by an authenticated user, can lead to the execution of arbitrary JavaScript in the victim's browser. As a result, sensitive information can be compromised or user actions can be manipulated. Users are advised to update to version 1.4.6 or later to mitigate this security risk.

Affected Version(s)

Raytha 0 < 1.4.6

References

https://cert.pl/en/posts/2026/03/CVE-2025-69236

third-party-advisory

https://raytha.com

product

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2026
Vulnerability Reserved
Dec 30, 2025

Credit

Daniel Basta

CVE-2025-69242 Data

JSON